package com.sgh.springsecurity.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @Description:
 * @Author: sgh
 * @Date: 2024/12/15
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //禁用csrf
        //http.csrf().disable();
        //登录页面
        http.formLogin()
                //登录页面
                .loginPage("/loginPage")
                //登录请求
                .loginProcessingUrl("/login")
                //登录成功跳转,POST请求
                .successForwardUrl("/toHomePage")
                //登录失败跳转,POST请求
                .failureForwardUrl("/toError");

        http.logout()
                //退出登录请求
                .logoutUrl("/logout")
                //退出成功跳转
                .logoutSuccessUrl("/logout");

        http.authorizeRequests()
                //不需要认证的请求,放行
                .antMatchers("/loginPage").permitAll()
                .antMatchers("/toError").permitAll()
                //需要认证的请求
                .anyRequest().authenticated();
    }
}
